561217a3503b7e3f42ba426b50d6c943

Sharing

Copy URL Twitter E-mail

General

Target

561217a3503b7e3f42ba426b50d6c943
Size

48KB
MD5

561217a3503b7e3f42ba426b50d6c943
SHA1

9707d32b079a7f0e722f0e975048d6150a0b2b06
SHA256

060179a872c3bdf5213373e32b0061828e980574652b63367224790fad08dfd6
SHA512

7b438544217cb3393bf929e513601a49f77b18aa3608a14496b9ed9f9ee1a961f0cbad4289988f8d3462eb7c4c17991de4199aec3cb6bcc252fa7d91632a30ef
SSDEEP

384:3GPVoDW2EsMTOLzm+CDYTiJ60ZfV2Pb4W0kVGsPAmfvUterdlVPCrEU8IQGrEU84:2P9XsMTOLnYJ6SfKPA9krFPTDGIXqb7D

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
561217a3503b7e3f42ba426b50d6c943

Files

561217a3503b7e3f42ba426b50d6c943
.dll windows:4 windows x86 arch:x86

f261acc6cf9a830fd65133be477bd7b6

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetCurrentProcessId
CloseHandle
GetCurrentProcess
GetProcAddress
LoadLibraryA
lstrlenA
Sleep
CopyFileA
CreateThread
TerminateProcess
WaitForMultipleObjects
ReleaseMutex
CreateProcessA
WaitForSingleObject
GetStartupInfoA
OutputDebugStringA
CreateEventA
ReadFile
PeekNamedPipe
WriteFile
FreeLibrary
GetVersionExA
HeapFree
HeapAlloc
GetProcessHeap
FileTimeToSystemTime
FileTimeToLocalFileTime
VirtualQueryEx
ReadProcessMemory
GetSystemInfo
SetFileTime
GetFileTime
CreateFileA
DeviceIoControl
OpenProcess
DuplicateHandle
MapViewOfFile
UnmapViewOfFile
GetSystemDirectoryA
lstrcatA
DeleteFileA
CreatePipe
GetLastError

user32

ExitWindowsEx

advapi32

LookupPrivilegeValueA
OpenProcessToken
AdjustTokenPrivileges
RegCreateKeyA
RegQueryValueExA
RegCloseKey
LookupAccountSidA
GetTokenInformation
RegSetValueExA

msvcirt

?cerr@@3Vostream_withassign@@A
?endl@@YAAAVostream@@AAV1@@Z
??6ostream@@QAEAAV0@PBD@Z
?cout@@3Vostream_withassign@@A
??6ostream@@QAEAAV0@K@Z

msvcrt

fwrite
fread
fopen
fgetc
printf
malloc
rewind
ftell
fseek
strncpy
getenv
__CxxFrameHandler
free
exit
fputc
sprintf
rand
atoi
srand
time
atol
mbstowcs
strstr
__dllonexit
_wcsicmp
_initterm
_adjust_fdiv
_stricmp
fclose
??3@YAXPAX@Z
_strnicmp
fprintf
_onexit

psapi

EnumProcesses
EnumProcessModules
GetModuleFileNameExA

msvcp60

??1Init@ios_base@std@@QAE@XZ
??0_Winit@std@@QAE@XZ
??1_Winit@std@@QAE@XZ
??0Init@ios_base@std@@QAE@XZ

wininet

InternetOpenA
HttpEndRequestA
InternetWriteFile
HttpSendRequestExA
InternetConnectA
HttpQueryInfoA
HttpSendRequestA
HttpAddRequestHeadersA
InternetCrackUrlA
InternetSetOptionA
HttpOpenRequestA
InternetCloseHandle
InternetReadFile

Exports

Exports

ServiceMain

Sections

.text
Size: 24KB - Virtual size: 20KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 114KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f261acc6cf9a830fd65133be477bd7b6

Headers

File Characteristics

Imports

kernel32

user32

advapi32

msvcirt

msvcrt

psapi

msvcp60

wininet

Exports

Exports

Sections

.text Size: 24KB - Virtual size: 20KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 12KB - Virtual size: 114KB

.reloc Size: 4KB - Virtual size: 2KB

.text
Size: 24KB - Virtual size: 20KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 12KB - Virtual size: 114KB

.reloc
Size: 4KB - Virtual size: 2KB